The Latest News on Security, Privacy & Compliance
There are several privacy, security and compliance topics making headlines and trending across the healthcare IT industry. A new OCR settlement was announced late in November. Will it be the final settlement in 2016? Hacking continues to be a big threat, and the industry is looking ahead to see what 2017 will bring. Read our latest newsletter to catch up on some of the top headlines from around the industry and at CynergisTek.
Designating Hybrid Entity Status Under HIPAA in a University Setting

Following OCR's recent resolution agreement with UMass, Marti Arvin wrote this blog post which discusses the complexities university settings pose when determining which functions belong inside the health care components of its hybrid entity status.
 

A Practical Guide to Healthcare Disaster Recovery Planning

Even though cyber attacks have increased recently, many healthcare organizations still lack a disaster recovery plan. Our VP of Security Services Jeremy Molnar wrote a blog post that provides practical processes that can help to make disaster recovery more workable.
 

Infographic: CHIME and AEHIS Cybersecurity Survey

We recently released an infographic that highlights data from the recent CHIME and AEHIS Cybersecurity Survey. The organizations' members were asked about their top threats and vulnerabilities of concern, among other topics. View our latest infographic to see what was reported as the top concern.
 

Penetration Testing Methodologies: In the Clear

In his latest blog post, John Nye describes the three types of penetration methodologies: crystal, gray and black box testing. He also explains why crystal box testing is the methodology used most often by penetration testers.
 

You've Been Breached! Now What?

This blog post, written by Marti Arvin, outlines best practices for how healthcare organizations should react after they experience a breach in order to ensure that everyday privacy and information security operations return to normal as soon as possible.
 

What's on HHS OIG's Plan for Scrutinizing Security in 2017?

The HHS OIG recently revealed its 2017 work plan, outlining areas it plans to review next year including medical device cybersecurity and EHR data protection. Industry experts welcome these initiatives.
 

UMass HIPAA Settlement is a Clarion Call to Colleges and Universities

David Holtzman's blog post describes the recent UMass OCR settlement, the first of its kind, and how other educational institutions should review how they are identifying their HIPAA covered components.
   

Compliance Isn't Enough: Improving Governance, Risk Management, Compliance

This blog post highlights takeaways from Mac McMillan's presentation at the Caradigm Customer Summit, during which he discussed how HIPAA compliance does not equal security.
 

What Will Tomorrow Bring for IT Security?

Mac McMillan provides an outlook into what 2017 will bring for healthcare IT security. Among the topics he discusses are IoT, cyber espionage and the cyber professional shortage.
 

Upcoming Educational Events
CynergisTek executives are speaking at several conferences during the first few months of 2017, including HCCA regional events, HIMSS17 and the HCCA Compliance Institute. CynergisTek is also providing our free HIPAA Privacy and Security Workshops across the nation and will be debuting topic-specific workshops (privacy, research and cybersecurity) in 2017. Click here for more details on all upcoming educational events.

Thank you for reading this month's newsletter. Click here if you would like to see additional topics addressed in the future.